This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] are [Security Considerations] that should be read, and where applicable implemented, when using [OAuth 2.0].
[{$pagename}] is [{$applicationname}]'s "catch all" for [OAuth 2.0], [OpenID Connect] and [User-Managed Access] [Security Considerations]:
* [OAuth 2.0 Vulnerabilities]
* [OAuth 2.0 Threat Model and Security Configurations]
* [OAuth 2.0 Security Best Current Practice]
* [Internet Draft] [JSON Web Token Best Current Practices]
* [Internet Draft] [OAuth 2.0 JWT Secured Authorization Request]
* [Internet Draft] [OAuth 2.0 Authorization Server Metadata]
* [Explicit Endpoint]
* [Covert Redirect Vulnerability]
!! [Confidentiality] and [Integrity]
The [OAuth 2.0] [protocol] does not by itself guarantee [Confidentiality] or [Integrity] of communications. You [MUST] therefore protect every [HTTP] exchange with an additional layer: [TLS] (HTTPS) encrypts and authenticates the channel between the client and the server, and the client must validate the server certificate (the obsolete [SSL] protocol versions must not be used).
Always use [HTTPS|TLS] for [OAuth 2.0], on every leg of the flow (authorization endpoint, token endpoint, and the client's redirect URI), as it is the only way to guarantee message [Confidentiality] and [Integrity]! Over plain [HTTP] the authorization code, [Access Tokens] and [Refresh Token] are exposed to anyone on the path.
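A client-side check for the rule above, written as an added example for this page (not code from any OAuth library): before trusting an authorization server metadata document or registering a redirect URI, refuse any endpoint that is not served over https. The metadata key names are the standard ones from RFC 8414; the only http exception granted is the loopback redirect that RFC 8252 allows for native apps, and only when the caller asks for it. The sample metadata document is constructed for the example.

```python
from urllib.parse import urlsplit

# Keys of an authorization server metadata document (RFC 8414 / OpenID Discovery)
# whose URLs carry OAuth traffic and therefore must be https.
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
                 "userinfo_endpoint", "introspection_endpoint", "revocation_endpoint")

# RFC 8252 lets a native app receive the redirect on the loopback interface over plain http.
# That is the only http exception this check grants, and only when allow_loopback is set.
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def tls_violation(url, allow_loopback=False):
    """Return None when url is acceptable for OAuth traffic, otherwise a short reason."""
    parts = urlsplit(url)
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in URL"
    if parts.scheme == "https":
        return None
    if parts.scheme == "http" and allow_loopback and parts.hostname in LOOPBACK_HOSTS:
        return None
    return f"scheme {parts.scheme!r} is not https"


def check_metadata(metadata):
    """Map each offending metadata endpoint to its problem; an empty dict means all use TLS."""
    problems = {}
    for key in ENDPOINT_KEYS:
        url = metadata.get(key)
        if url is not None:
            reason = tls_violation(url)
            if reason:
                problems[key] = reason
    return problems


def check_redirect_uri(redirect_uri, native_app=False):
    """Redirect URIs get the same rule; native apps may use the loopback exception."""
    return tls_violation(redirect_uri, allow_loopback=native_app)


# Constructed sample metadata: the token endpoint was left on plain http.
SAMPLE_METADATA = {
    "issuer": "https://as.example",
    "authorization_endpoint": "https://as.example/authorize",
    "token_endpoint": "http://as.example/token",
    "jwks_uri": "https://as.example/jwks",
}

if __name__ == "__main__":
    print(check_metadata(SAMPLE_METADATA))
    print(check_redirect_uri("http://127.0.0.1:8080/callback", native_app=True))
```

Run this against the metadata you fetch at client start-up and fail closed on any non-empty result; a "localhost" hostname is deliberately not on the loopback list, because RFC 8252 recommends the literal loopback IP so the name cannot be redirected through DNS.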
!! Token Life
The specification does not mandate the lifetime or scope of the issued [Tokens]; an implementation is free to issue a [Token] that lives forever. Most implementations issue short-lived [Access Tokens] together with a [Refresh Token], but do not assume this: check the [Token] lifetime (the expires_in value in the token response, or the exp claim of a [JWT] access token) and the granted scope, which the authorization server may have narrowed from what was requested, before relying on the [Token].
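A resource-server check for lifetime and scope, added here as an example for this page and not taken from any OAuth implementation: it verifies an HS256-signed JWT access token, rejects tokens with no exp claim (they would live forever), rejects tokens whose exp minus iat exceeds a local maximum even though the issuer signed them, tolerates a small clock skew, and requires every scope the resource needs. HS256 with a shared secret is assumed only so the example runs offline from the standard library; the policy constants, key and claims are constructed for the example, and the mint function stands in for the authorization server.

```python
import base64
import hashlib
import hmac
import json
import time

# Policy values assumed for this example; take them from your own deployment policy.
MAX_LIFETIME_SECONDS = 3600   # reject tokens whose exp - iat is longer than this
CLOCK_LEEWAY_SECONDS = 60     # tolerate small clock skew between issuer and verifier

DEMO_KEY = b"constructed-demo-secret-not-for-production"   # constructed shared secret
DEMO_NOW = 1_700_000_000                                    # fixed "now" so results are reproducible


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_token(claims: dict, key: bytes) -> str:
    """Mint a constructed HS256 JWT; stands in for the authorization server in this example."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def verify_access_token(token: str, key: bytes, required_scopes, now=None,
                        max_lifetime=MAX_LIFETIME_SECONDS, leeway=CLOCK_LEEWAY_SECONDS):
    """Return (ok, reason). Order: signature, then lifetime, then scope."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:          # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    # The verifier fixes the algorithm; the token header is only allowed to agree with it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"
    exp = claims.get("exp")
    iat = claims.get("iat")
    if not isinstance(exp, (int, float)):
        return False, "no exp claim: token would live forever"
    if now > exp + leeway:
        return False, "expired"
    if isinstance(iat, (int, float)):
        if iat > now + leeway:
            return False, "issued in the future"
        if exp - iat > max_lifetime:
            return False, "lifetime exceeds policy"
    # RFC 8693 / RFC 9068 style scope claim: space-delimited string of granted scopes.
    granted = set(str(claims.get("scope", "")).split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope(s): " + " ".join(missing)
    return True, "ok"


if __name__ == "__main__":
    token = mint_hs256_token({"sub": "alice", "iat": DEMO_NOW - 60, "exp": DEMO_NOW + 540,
                              "scope": "read write"}, DEMO_KEY)
    print(verify_access_token(token, DEMO_KEY, ["read"], now=DEMO_NOW))
```

The lifetime cap is the point of the section: a signature proves the issuer minted the token, not that its lifetime matches your risk appetite, so the resource server enforces its own maximum regardless of what the issuer chose.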
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]